<?php
/**
 * Authorisation logic.
 *
 * @category Zend
 * @package Disputeo
 * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc.
 * @version $Id$
 * @link http://framework.zend.com
 * @since Available since release 1.0
 * @license GPL v3
 */

class Disputeo_Auth implements Zend_Auth_Adapter_Interface
{
    
    /**
     * @var Zend_Auth_Adapter_DbTable
     */
    protected $_adapter;
    
    /**
     * @var Zend_Auth
     */
    protected $_auth;
    
    /**
     * @var Zend_Session
     */
    protected $_session;

    /**
     * Initialise auth object
     */
    public function __construct()
    {
        $this->_auth = Zend_Auth::getInstance();
        $this->_adapter = new Zend_Auth_Adapter_DbTable();
        
        $namespace = new Zend_Auth_Storage_Session(Disputeo_Session::SESSION_NAMESPACE);
        $this->_auth->setStorage($namespace);
        
        $this->_session = Disputeo_Session::getSession();
    }
    
    /**
     * Authenticate using DB adapter
     * 
     * @throws Zend_Auth_Adapter_Exception if authentication cannot happen 
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        return $this->_auth->authenticate($this->_adapter);
    }
    
    /**
     * Get the auth instance
     * 
     * @return Zend_Auth 
     */
    public function getAuth()
    {
        return $this->_auth;
    }
    
    /**
     * Set auth adapter
     * 
     * @param Application_Model_User $user 
     * @param boolean $encoded
     */
    protected function _setUser(Application_Model_User $user, $encoded = true)
    {
        $dbAdapter = $user->getTable()->getAdapter();
        $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
        $authAdapter->setTableName('user')
            ->setIdentityColumn('userName')
            ->setCredentialColumn('password');
        
        if (! $encoded) {
            $authAdapter->setCredentialTreatment('SHA1(CONCAT(?, passwordSalt))');
        }
            
        $authAdapter->setIdentity($user->userName)
            ->setCredential($user->password);
        
        $this->_adapter = $authAdapter;
    }
    
    /**
     * Clear identity, end session
     */
    protected function _clearIdentity()
    {
        $this->_auth->clearIdentity();
        $this->_session->clear();
    }
    
    /**
     * Quick authorise method
     * 
     * @param Application_Model_User $user
     * @param boolean $encoded
     * @return boolean
     */
    public static function authorise(Application_Model_User $user, $encoded = true)
    {
        $auth = new self();
        $auth->_setUser($user, $encoded);
        $result = $auth->authenticate();
        
        if ($result->isValid()) {
            $data = $auth->_adapter->getResultRowObject();
            $auth->_session->username = $data->userName;
            $auth->_session->userId = $data->userId;
            $auth->_session->usertype = $data->isAdmin ? Disputeo_Acl::ADMIN : Disputeo_Acl::MEMBER;
            return true;
        }
        
        return false;
    }
    
    /**
     * Calls self::authorise($user) with non encoded password
     * 
     * @param array $data
     * @return boolean
     */
    public static function isValid($data)
    {
        $user = new Application_Model_User($data);
        return self::authorise($user, false);
    }
    
    /**
     * Quick log out method
     */
    public static function signOut()
    {
        $auth = new self();
        $auth->_clearIdentity();
    }
}
